SECURITY OPERATIONS CENTER (SOC) (Chapter 5)

29 Terms

1

A centralized function within an organization employing people, processes, and technology to continuously monitor and improve an organization's security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents

Security Operations Center (SOC)

2

What Makes a SOC Effective?

people, processes, and technology

3

work primarily in the monitoring and detection phases of a SOC

Security analysts

4

Incident responder tasks may include:

  • Conducting deeper analysis of suspicious security events using:
      • Search analytics capabilities
      • Threat intelligence sources
      • Basic forensics techniques
      • Malware analysis tools
  • Performing response activities whenever an incident necessitates
  • Keeping management apprised of the status of incident response efforts

5

is typically someone within the security organization with a deep understanding of the organization’s security program and infrastructure.

Security architect

6

SOC staffing models

[image]

7

is the collection, monitoring, and analysis of security-related data from computer logs. Also referred to as log management.

Security Information Management (SIM)

8

the practice of network event management including real-time threat analysis, visualization, and incident response.

Security Event Management (SEM)

9

SIM vs SEM vs SIEM

[image]

10

One of the most competitive offerings on the market.

SolarWinds Security Event Manager (SEM)

11

One of the most popular SIEM management solutions in the world.

Splunk Enterprise Security

12

LogRhythm have long established themselves as pioneers within the SIEM solution sector.

LogRhythm NextGen SIEM Platform

13

a traditional SIEM product with built-in intrusion detection, behavioral monitoring, and vulnerability assessment.

AT&T Cybersecurity AlienVault Unified Security Management

14

The platform offers a suite of log management, analytics, data collection, and intrusion detection features to help keep your critical systems up and running.

IBM QRadar SIEM

15

one of the best SIEM platforms in terms of analytics. The user can collect a variety of logs across a wide range of devices through the Active Directory system.

McAfee Enterprise Security Manager

16

THE BEST SIEM VENDORS

[image]

17

a free and open Linux distribution for threat hunting, enterprise security monitoring, and log management

Security Onion

18

USE CASE AND DEPLOYMENT MODES

[image]

20

7 STEPS TO BUILDING A SOC WITH LIMITED RESOURCES
